Job Description
Security Operations Center Manager OneMain General Services Corporation - 3.2 Baltimore, MD Job Details Full-time 21 hours ago Qualifications Endpoint Security Intrusion detection analysis Threat hunting activities Resource allocation (project management tasks) Security team coordination Team leadership Operational management Endpoint Detection and Response (EDR) Information & network security team management Information security compliance Programming languages Cloud security best practices implementation Technology management Incident management operations support Security threat response protocols Behavior analysis Log analysis tools Regulatory Frameworks (Architecture security) SOAR platforms Threat intelligence
MITRE ATT&CK
Incident response implementation Automation tools Security system management Network event correlation IT security monitoring Full Job Description Position Overview:
We are seeking an experienced and highly skilled Security Operations Center (SOC) Manager to lead our cybersecurity operations team. The SOC Manager will oversee the full security operations lifecycle, from threat detection and incident response to team development and planning. This role is critical to ensure our organization maintains a robust security posture while managing day-to-day security operations. Key Responsibilities:
Lead end-to-end incident response activities, including detection, containment, eradication, recovery, and post-incident review Direct SOC analysts in threat detection, triage, investigation, and remediation efforts Maintain accurate incident documentation, escalation workflows, ticket management, and timely event resolution Develop and implement SOAR workflows to automate investigations, response actions, and repetitive security tasks Improve operational efficiency and reduce MTTR through process automation and continuous optimization Develop custom SIEM detection rules and signatures based on evolving business needs, threat intelligence, and threat hunting findings Develop, track, and report SOC KPIs, including MTTD, MTTA, MTTR, dwell time, false positives, and incident closure rates Provide leadership with regular updates on security operations, incident trends, and overall security posture Maintain and improve SOC strategies, policies, SOPs, playbooks, and operational processes Required Qualifications:
Deep technical hands-on knowledge of security monitoring tools and technologies including SIEM, IDS/IPS, EDR/XDR, NDR, firewalls, and SOAR platforms Strong understanding of threat intelligence, indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and attack methodologies Expert knowledge of security frameworks and methodologies including NIST Cybersecurity Framework, ISO 27001, MITRE ATT&CK, etc. Proficiency in log analysis, network traffic analysis, threat hunting techniques, and behavioral analysis Strong understanding of cloud security principles and cloud-native security tools Fundamental understanding of programming and scripting languages (Python, PowerShell, Bash) for automation, log parsing, and data analysis At least two industry recognized certifications e.g.: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), GCIH (GIAC Certified Incident Handler), GCIA (GIAC Certified Intrusion Analyst), GCFA (GIAC Certified Forensic Analyst), GSOM (GIAC Security Operations Manager), CSOM (Certified Security Operations Manager) Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent professional experience). Preferred Qualifications:
Experience in the financial services industry with deep understanding of financial sector threat landscape, regulatory requirements. Experience Requirements:
Minimum 8-10 years of progressive experience in information security and cybersecurity operations Minimum 7 years of hands-on experience in security operations, with demonstrated expertise across all three SOC tiers (Tier 1 triage, Tier 2 incident response, and Tier 3 threat hunting/advanced analysis) Minimum 5 years of direct SOC management experience, including team leadership, resource planning, and operational oversight Minimum 2 years of hands-on experience with SIEM platforms, including rule creation, testing, tuning, and change management Proven experience managing 24/7 security operations with demonstrable results in incident response effectiveness OneMain Holdings, Inc. is an Equal Employment Opportunity (EEO) employer. Qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship status, color, creed, culture, disability, ethnicity, gender, gender identity or expression, genetic information or history, marital status, military status, national origin, nationality, pregnancy, race, religion, sex, sexual orientation, socioeconomic status, transgender or on any other basis protected by law.
